The importance of information sharing to ensuring network and information security is widely acknowledged by both policy-makers and by the technical and practitioner community – for example, in the European Programme on Critical Infrastructure Protection (EPCIP) and in the 2004 Availability and Robustness of Electronic Communications Infrastructures (ARECI) study, which noted that formal means for sharing information should be set up in order to ―improve the protection and rapid restoration of infrastructure critical to the reliability of communications within and throughout Europe‖. A 2009 gap analysis conducted by ENISA of good practice in respect of telecommunication network operators identified information sharing as a set of useful best practice.
Given the acknowledged importance of information sharing, this report sets out findings from a research project into the barriers to and incentives for information sharing in the field of network and information security, in the context of peer-to-peer groups such as Information Exchanges (IE) and Information Sharing Analysis Centres (ISACs).